Cloud computing technologies are broadly applicable in many technological fields. As a result, many organizations worldwide are using cloud technologies, such as AMAZON WEB SERVICES, MICROSOFT AZURE, and others. Relying on a cloud computing implementation of an application architecture can reduce development times and development costs, while increasing the flexibility and scalability of applications. But cloud computing implementations add a new layer of security risks. A cloud-based infrastructure can be made up of many individual roles, users, services, machines, and other entities. Some privileged entities will be capable of making substantial changes to the cloud infrastructure, such as accessing sensitive protected data. These privileged entities must be secured, for example by tracking the activities of these entities and rotating their credentials.
Current approaches define entities associated with certain permissions as privileged. But these entities are only a subset of all of the privileged entities in a cloud deployment. Other entities can be privileged because they control attributes of entities that are themselves privileged. These “shadow” privileged entities can be extremely difficult to identify, as cloud environments can be built using many different permissions. A “shadow” entity can be privileged because of a combination of the privileges assigned to the entity and the availability of other entities deployed to the network environment. Furthermore, the status of an entity as non-privileged or privileged can change over time, as the privileges and entities making up a cloud deployment evolve. A secure cloud environment should manage these “shadow” privileged entities, just as it manages more conventionally privileged entities.
Consequently, systems and methods are required for automatically evaluating and ranking entities deployed to a network environment. Such systems and methods can enable automatic determination of the most privileged entities in the network environment. These entities can then be targeted for additional management and protection.
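The following is an added illustration of the evaluation described above, not code from this text: a constructed deployment (hypothetical entity names and permissions) is modelled as a graph in which each entity has its own permissions and a set of other entities whose attributes it can control, and entities are classified as conventionally privileged, "shadow" privileged (able to take over a privileged entity through one or more control edges), or neither, then ranked. The sensitive-permission list and the scoring rule are assumptions chosen for the example.

```python
from collections import deque

# Constructed sample deployment (hypothetical names, not from any real account).
# "permissions": permissions granted directly to the entity.
# "controls": entities whose attributes (keys, policies, code, trust) it can modify.
ENTITIES = {
    "admin-role":  {"permissions": {"iam:*"},                     "controls": set()},
    "data-reader": {"permissions": {"s3:GetObject"},              "controls": set()},
    "ci-deployer": {"permissions": {"lambda:UpdateFunctionCode"}, "controls": {"etl-lambda"}},
    "etl-lambda":  {"permissions": {"sts:AssumeRole"},            "controls": {"admin-role"}},
    "key-rotator": {"permissions": {"iam:UpdateAccessKey"},       "controls": {"admin-role"}},
    "intern":      {"permissions": {"s3:ListBucket"},             "controls": set()},
}

# Assumed list of permissions that make an entity privileged under the
# conventional, permission-only definition.
SENSITIVE = {"iam:*", "iam:UpdateAccessKey", "kms:Decrypt"}


def direct_privileged(entities):
    """Entities the conventional approach flags: they hold a sensitive permission."""
    return {name for name, ent in entities.items() if ent["permissions"] & SENSITIVE}


def reachable(entities, start):
    """Every entity `start` can eventually control, following control edges
    transitively. The visited set keeps this safe on cyclic graphs, and edges
    to entities that no longer exist in the deployment are ignored."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in entities.get(queue.popleft(), {}).get("controls", ()):
            if nxt in entities and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def classify(entities):
    """Map each entity to (kind, score): kind is 'privileged', 'shadow' or 'none';
    score counts the directly privileged entities it is or can take over."""
    direct = direct_privileged(entities)
    result = {}
    for name in entities:
        taken_over = reachable(entities, name) & direct
        score = len(taken_over) + (1 if name in direct else 0)
        kind = "privileged" if name in direct else "shadow" if taken_over else "none"
        result[name] = (kind, score)
    return result


def rank(entities):
    """Entity names, most privileged first; ties broken by name for stable output."""
    cls = classify(entities)
    return sorted(cls, key=lambda n: (-cls[n][1], n))
```

Re-running `classify` after an entity is added or removed shows the status changes the text describes: deleting `admin-role` from the sample turns `etl-lambda` and `ci-deployer` back into non-privileged entities.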